7 matches found
CVE-2019-20058
Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...
Design/Logic Flaw
DISPUTED Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...
CVE-2019-20058
Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...
CVE-2018-12040
Reflected Cross-site scripting XSS vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should...
CVE-2018-12040
CVE-2018-12040 reports a reflected XSS vulnerability in SensioLabs Symfony 3.3.6's Web Profiler, exploitable via the file parameter in _profiler/open?file=. The issue is documented across multiple feeds (NVD/OSV) and is described as a vulnerability in the web profiler that should not be deployed ...
CVE-2018-12040
Reflected Cross-site scripting XSS vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should...
SensioLabs Symfony 3.3.6 Cross Site Scripting
SensioLabs Symfony version 3.3.6 - Cross-Site Scripting Reflect Exploit Title: SensioLabs Symfony version 3.3.6 - Cross-Site Scripting Reflect Date: 08-06-2018 Software Link: https://symfony.com/ Exploit Author: HaMM0nz Chakrit S., a member of KPMG Cyber Security team in Thailand CVE:...